Midnight Commander uses a fixed sized stack buffer while
resolving symbolic links within file archives (tar or cpio).
If an attacker can cause a user to process a specially
crafted file archive with Midnight Commander,
the attacker may be able to obtain the privileges of the
target user.

Alexander Larsson reports that some versions of gnome-vfs and
MidnightCommander contain a number of `extfs' scripts that do not
properly validate user input. If an attacker can cause her
victim to process a specially-crafted URI, arbitrary commands
can be executed with the privileges of the victim.

Midnight Commander uses a fixed sized stack buffer while
resolving symbolic links within file archives (tar or cpio).
If an attacker can cause a user to process a specially
crafted file archive with Midnight Commander,
the attacker may be able to obtain the privileges of the
target user.

Alexander Larsson reports that some versions of gnome-vfs and
MidnightCommander contain a number of `extfs' scripts that do not
properly validate user input. If an attacker can cause her
victim to process a specially-crafted URI, arbitrary commands
can be executed with the privileges of the victim.